[dot] Security: Temporary File and Konqueror Frame Injection
Vulnerabilities
Dot Stories
stories at kdenews.org
Wed Aug 11 18:44:06 CEST 2004
URL: http://dot.kde.org/1092237029/
From: Waldo Bastian <bastian at kde.org>
Dept: black-wednesday
Date: Wednesday 11/Aug/2004, @17:10
Security: Temporary File and Konqueror Frame Injection Vulnerabilities
======================================================================
Three security advisories have been issued today for KDE. The first
advisory [http://www.kde.org/info/security/advisory-20040811-1.txt]
concerns the unsafe handling of KDE's temporary directory in certain
circumstances. The second advisory
[http://www.kde.org/info/security/advisory-20040811-2.txt] relates to
the unsafe creation of temporary files by KDE 3.2.x's dcopserver
[http://www.kde.org/areas/sysadmin/startup.php#dcopserver]. The third
advisory [http://www.kde.org/info/security/advisory-20040811-3.txt] is
about a frame injection vulnerability in Konqueror as earlier reported
by Heise Online and Secunia.
[http://www.heise.de/newsticker/meldung/48793]
Distributions are expected to have updated binary packages
available shortly. All issues mentioned above have also been fixed in
the KDE 3.3 Release Candidate 2
[http://download.kde.org/unstable/3.3.0rc2/src/] that was announced
yesterday [http://dot.kde.org/1092139173/]. The final release of KDE 3.3
is expected later this month.
More information about the dot-stories
mailing list